How to make your online accounts more secure: don't answer security questions.

In the past few years I've noticed the increased use of security questions. And it's really a bummer. Not only is it time consuming, but security questions decrease the actual security of a user account. Here's why:

I just signed up for a new Verizon DSL service when I really want FiOS (don't get me started on the FCC and the corruption re: ISPs but that's a separate issue). On signup I was asked to create a password with certain properties... capitalize, numbers, special characters, between 8-20 characters, etc. and also to choose a security question. Here are the options presented:

  1. What was your favorite place to visit as a child?
  2. Where did you and your spouse first meet?
  3. What was the first live concert you attended?
  4. What is the first name of your best friend?
  5. What was the first name of your first roommate?
  6. What is the name of a memorable place?
  7. What was your favorite restaurant in college?

Now let's put ourselves in the mindset of someone trying to gain access to my Verizon account. Black beanie with a striped shirt...check. 

Questions 1, 2, 3, 4, 5, and 7 are all easily found by looking up Alex Waters' Facebook account. It's only easier if the target was born after 1995. It's almost guaranteed that the victim has been collecting a treasure trove of personally-identifiable-information (PII) if they're between the ages of 10-20. And then in many cases making it publicly available, or if not, it's very easy to create a fake Facebook account with a profile picture of a hot lady or dude and send a friend request.

Sidequest: For those wondering, when you get those Facebook friend requests from strangers with attractive photos... they are not into you, they just want to steal your personal information and sell it or use it.

If the security question answers are pretty easy for anyone to find, that's not very secure is it? 

In fact, this is precisely how Bitinstant was hacked for large amounts of money back in 2013.

Here's what you can do to protect yourself... don't answer security questions. Use a password manager (like keypass or onepass) to generate a new password. Then use that as the answer to the security question.

If you aren't using a password manager to generate complicated passwords, your accounts are probably already compromised.

I know this is a major pain in the butt, but it is better than having strangers in your accounts doing whatever they want.

Note to web developers: Please stop using security questions in your applications. They make your user accounts less secure. Ideally we will all be using user device private-key message signing instead of passwords, I'm looking forward to better UX there anyway.

Edit 4/23/16: Check out ClearChat


Bitcoin is not decentralized

The other night I tried to write a short post about Bitcoin being Civilization 1 of the internet. It received a tepid 8 likes. 

That tells me that either I suck at writing or my writing topics are lacking in excitement.

Let's try this writing thing one more time! This time with a sprinkling of personal background.

TL;DR - Bitcoin is failing and disrupting finance is hard. So frustratingly hard that I'm going on sabbatical to work on non-finance stuff for the first time in half a decade.

(I'm sick of having to care about whether I use Bitcoin capitalized or bitcoin lowercase. Talk about seeing the forest for the trees... so for this post I will not care if I capitalize my bitcoins.)

Here's why:

I got involved with Bitcoin in 2010. I read the paper in '09 but I count myself a bitcoin believer for ~6 years.

Milestones of my adventure in Bitcoinland!

2010 - I became immersed in the concept of bitcoin, began mining, thought it was a cool experiment, and fun to play with - but had no idea it would become a BIG DEAL.

Late 2011-2012 - Helping the core development team with quality assurance and project management. Bitcoin is now a BIG DEAL and shit "Hey random guy, can you check the boat for holes - there's like sharks."

#1 goal: make sure Bitcoin works for people. AKA test stuff.

2012-2013 - Helping to build and run Bitinstant which resulted in a lot of people telling me

That’s where I bought my first bitcoin!
— Bitinstant users at various NYC BiTcOin shindigs

2013-2015 - A band of former Bitinstanters set off to explore new ideas and do research under the banner of CoinApex. We had fun, built a lot of software, took public flak for thinking/talking about the "wrong kind of idea", and mostly learned a lot.

There's been a ton of side-quests and I loved meeting all the smart interesting bitcoin people.

Bitcoinland has wizards, pirates, rogues, belles of the ball, priests, magic, angry anarchist mobs, artists, philosopher economists, lawmen fighting for justice, humble workers, and of course heroes and villains. It has politicians arguing on the floor of the forum while Chinese masterminds hold the pursestrings. Passion, adventure, riches, piracy - I witnessed it all in the land of Bitcoin. 

In my time attempting to disrupt global finance with a technology called Bitcoin I have learned these things:

-Bitcoin is a remarkable experiment and probably our first really substantial internet civilization. I say this because the bitcoin society has monetary policy, group-decision making (voting), and its basis is to serve as a public work. Tell me something else that has those properties and I'll call it Civ 1 of the internet.

-Disrupting finance is hard. It is prohibitively expensive, risky, and mind-dullingly frustrating to play in the sandbox of the US banking system. Here's a brief summary in the form of a quote from a figment banker making decisions about technology

"New tech? gah assemble the boys club. Our 1970s cobol architecture has worked for 40 years -- why fix it if it ain't broken. Look at all the money we're making. Ok fine pay the guys in Washington to make those scrappy entrepreneurs get bank charters with impossible to appease regulatory requirements. We'll let them call it Paypal or Bitcoin-lite but throw out their work and make it use our old systems."

My real experience with it is literally this:

CoinApex: Bitinstant had so many regulatory hurdles, let's build something so innocuous that it doesn't have to deal with financial regulation - merchant payment processing.

The Government: We see that you've spent 6 months building something to disrupt finance that we previously didn't care about. Now we care about it so please take our hint -- stop building stuff.

CoinApex: But those other companies have been doing merchant payment processing for decades, why don't you stop them?

The Government: They've been doing it for years and can afford to lobby us. We've made an exception for them so that only you and two other Bitcoin schmucks are regulated.

My advice if you are looking to start a fintech startup: don't. Go build another picture sharing app. Your sanity is worth much more than fixing finance. Even bankers don't want to fix banks.

-The people I worked with are the best part of it all. Companies always disappoint, but working with good people makes it tolerable.

-All current versions of Bitcoin are not ready for the mainstream and it is futile to attempt to bring them to mainstream until the bugs are fixed. (oh yeah I said it)

In my role as former Bitcoin QA guy I still feel responsible for pointing out major bugs in Bitcoin. Many are apparent and Bitcoin is in fact badly broken right now.

Here's why proof of work (PoW) doesn't work for bitcoin consensus:

Bitcoin PoW is setup to create a game theory situation where miners have to expend energy and compute time (which cost real money) in order to capture a profit from the mining reward and fees. If they do something wrong like allow a double spend -- they can't collect the reward and thus lose the money they spent on compute time and energy during the PoW phase.

This game theory is what facilitates consensus on the Bitcoin network. The miners are incentivized to maintain the same bitcoin ledger as each other (have consensus). If one of the miners breaks the rules or diverges from the majority, they get cut off and lose the money they spent on compute time and energy for PoW.

(Read the following paragraph if you're a pain in my ass)
Sometimes I've said that Bitcoin uses "Proof of Work consensus" to which some Bitcoin experts have scoffed and said "you don't understand Bitcoin". OK to be technical -- Bitcoin uses hashed PoW to power the time-stamping server. If we can get past the jargon we can see that the engine in the car is responsible for the car moving. Yes the drivetrain, wheels, chases, etc. are all important too - but I'm here pointing out that the engine is knocking and that's why the car needs repair.

PoW is the spark plugs that are causing the consensus engine to freak out. This is why we have to switch to laser igniters instead of spark plugs.

I always hear that bitcoin is decentralized, but it's clearly not and PoW is the reason. Miners spend real money on mining equipment and electricity to run complex math problems (double sha256). Electricity and electronic manufacturing is cheap in China. Thus, it is easier for people in China to do PoW. Furthermore, Bitcoin is centralized as it is controlled in practice by miners in China.

One ASIC may equal one vote, but people in China can buy and run more ASICs than other people. That's not decentralization. Some special citizens get most of the votes. That's an oligarchy. It also happens to result in a lot of pollution.

Bitcoinland is so focused on how to make the spark plugs get less clogged that it's not focusing on replacing the spark plugs entirely. Even finding laser igniters is not enough. In my mind, the only interesting pursuits in Bitcoin are in the fields of identity and trust networks. Take PoW out of the consensus engine.

Right now Bitcoin expends energy and time which results in carbon emissions. It also results in a game of whoever has the cheapest electricity and computer manufacturing gets to make decisions for the public. The definition of an oligarchy. Sure Bitcoin has some checks and balances left (which is why I classify it in its entirety as a democracy) - but the power in democracies historically ends up in the hands of the rising oligarchy.

My economist friends might remind me that in order for us to create value in a virtual system we need to expend value. The laws of thermodynamics yadda yadda. 

My proposal is that we explore using pseudonymous identity and web of trust to create a system where social capital: reputation - is the resource we expend to create digital value.

If we can quantize reputation as concretely expendable social capital, we can derive a system to transfer that value and use it as a medium of exchange. 

A short post on internet civilizations

Going into 2016, here is my thesis on the macro matters affecting the Bitcoin experiment:

Bitcoin is an amazing attempt to create an internet-based civilization. It was formed as a republic but has devolved into a state of democracy. 

The Bitcoin society focuses primarily on monetary policy (ie. issuing a currency) but it has a lot of the typical symptoms of a civilization. It involves people engaging in commerce -- with policies, enforcement, and property. It has figureheads, castes, enterprise, voting, a writing system, specialization of labor, taxation, and looming debates of public policy and social issues.

I classify Bitcoin as being initialized as a republic but having devolved to democracy (like so many republics before it).

Some background on why I think the hypothesis is valid:

The story of republic->democracy->oligarchy is not new in the history of human civilizations. It is a pattern spoken about by such greats as Plato himself, albeit with older terminology. A well-read statesmen more recently described the concept of civilizations requiring repetitive turnover to reset after the inevitable transition to oligarchy:

The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants
— Thomas Jefferson 1787

Mr. Jefferson even paid homage to the Christian bible in the longer version of that quote. He paraphrased; that God forbids man from a lack of revolution.

Perhaps some Bitcoiners would agree that Bitcoin society is on the verge of schism with such discussions as the blocksize debate. It is certainly one of the more polarizing contentious issues. I would even venture to say that the debate is before officials as a matter of public outcry requiring legislative action at present.

There are still many other unresolved matters of civil unrest: fungibility, privacy, identity, mining centralization, and 51% attack to name a few. Often times the Bitcoin law (or protocol) requires unanimous agreement with the dooming possibility of a rouge nation if all parties do not compromise.

I could go on writing and probably should elaborate on why I equate tx fees to a tax, the scripting language to a written language, mining pools to the bureaucracy, developers to the legislative branch, and mining clients to law enforcement. But this is supposed to be a short post.

Conclusion and predictions:

The problem is that Bitcoin is the cutting edge and I am a concerned citizen. Fortunately I'm not yet worried about bandits or other civilizations pillaging my land because I would venture to say that Bitcoin is the first true civilization on the internet. I say this due to its robust design with thoughtful separation of powers, currency, and other civil infrastructure -- to which I see no rivals.

It was initially setup with rules, founding principles, and the separate powers (users, miners, developers) having relatively effective checks and balances against each other. Those checks and balances have failed in that mining centralization and corporate interests have allowed an oligarchy to develop. The oligarchy naturally has special interests and we can expect to see the decisions about policies like the blocksize debate factoring in those special interests. It should be self-evident that those special interests go against the wishes and best interests of the general public, to which the checks and balances were initially designed to protect. My preferred "One CPU one vote" de jure has been undermined by centralized mining and corporate interest de facto.

I see two possible outcomes: revolution or the furtherance of the oligarchy. Unfortunately there is traditionally a lot of resources held by an oligarchy which tends to try to preserve itself for as long as possible -- resulting in a possibly lengthy period of public suffering.

Now this is all a bit silly. We're talking about magic internet money and it's unlikely that the tech-savvy Bitcoin public will suffer real-world destruction due to the bitnocrats. But as blockchains begin to replace the infrastructure of the traditional offline civilizations - should we be paying more attention to how this all plays out? 

Maybe it's not too crazy to get a 3D printed toga for the quadcopter races. You can find me on the soap box at the forum. What a time to be an internet pleb waiting for a triumph!



Bitcoin is not Randian gold

It's frustrated when people say that Bitcoin has bad macro-economic design or that the rules are set in stone. The design is experimental and the rules are consensus-based; so it is silly to make such binary right or wrong analyses.

Bitcoin is incredibly hard to describe. Its subsystems are complex and we often generalize for the sake of audience understanding. Subsystem details may contradict the precision of the generalization. Additionally, people with strong political beliefs often describe it with agenda-charged jargon, leading to a cloudy vernacular.

Here are some of those buzzphrases; (perhaps with more context we wouldn't hear that they denote poor macro-economic design.)

"Bitcoin is scarce and deflationary"
Some people will say that Bitcoin is deflationary. That due to occasional lost private keys its supply is finite and deflationary.

Contrarily, Bitcoin is inflationary until the year ~2140. New coins are released akin to the Keynesian monetary supply of the USA. It is similar to gold in that there is a fixed and predictable supply, but those rules are subject to change if there is consensus.

Currently Bitcoin is inflationary at a rate of 9% per annum.

"Bitcoin is anonymous"
Through most methods of bitcoin private-key creation, Bitcoin is indeed anonymous by definition of anonymity. The part that is often left out is that the anonymity decays in practice. Transactions are often broadcasted by a participant's IP, route to an identified user's wallet account where they are converted to USD, and drawn to a KYC'd person's bank account.

That is far from anonymous, or if anonymity was a spectrum: we could say that's like writing an anonymous book with a picture of the author on the cover.

"There will only ever be 21 million bitcoin in existence"
This is wrong in at least four ways, and yet I still say it often. 

  1. The real number is closer to 20,999,949.9997 because the 50 genesis block coins cannot be spent, and it is more like a limit - as in, approaches 21MM.
  2. Fractional banking can functionally permit an increase of money supply without an increase in the underlying "cash".
  3. The sentence could be lengthened to "There will only ever be 21 million bitcoin in existence... provided that the consensus dictates adherence to the initiating ruleset or robots don't enslave humanity and abolish Bitcoin."
  4. Whole Bitcoins units (as we typically refer to them) are divisible up to 8 decimal places, giving us something like 2.1 quadrillion actual units. 

All that being said, 21MM is close enough and serves for the purposes of understanding how the system works in most explanations.

There are a growing number of Bitcoin myths (, which illustrates a larger problem. Hard stances on what Bitcoin is or isn't shows that there is a lack of understanding in the consensus mechanism. Consensus is one of its many under-appreciated facets.

Bitcoin is a fluid, adaptive, and self-correcting system. It has several stake-holders with varying interests. All of whom need to agree in order for Bitcoin to press onward. This makes it very difficult to go against what is in the general interest and also makes it very likely that Bitcoin will continue to adapt in the interest of its entire user base. Bitcoin, like many things, cannot work as a Zipf distribution where something like 1% of the users control it. It would collapse in short order if the ruleset did not serve general interests. Subsequently, it would reset with an improved ruleset which invalidates whatever Zipfian rules caused the collapse.

Hopefully all of the new alt-coins will serve as a research testbed for us to discover and eventually implement the ideal incentive macro economics of Bitcoin (among other things). 2140 is only 125 years away.

Quantum Cryptography and Bitcoin

Quantum computing is an entire field of study unto itself. I barely have a student's understanding of how it works, let alone how it impacts cryptology, and further -- that of Bitcoin.

In essence, here is what I have ascertained in my research (please feel free to correct me):

Bitcoin is secured in part by difficult to solve math problems*. To illustrate one of these math problems, we can envision two boats separated by 1000 miles of ocean. One of the boats is manned by pirates and it badly wants to catch the second boat which is manned by engineers. Both boats have a maximum speed of 30 mph on still water, but the ocean's current moves against them at 29.99 mph. Sometimes the pirates improve their engine, or throw someone overboard (thereby reducing their frictional coefficient) and gain some speed; but the engineer's boat has a good looking glass and can keep pace with any speed improvements that the pirates make.

One day the pirate's captain makes a deal with Cthulu and Davy Jones to obtain a quantum engine - which is really just a ghostly second engine (bear with me, the pirates only have one engine slot.) It is way better than one engine even though it occupies the same amount of space because it uses some magic called superposition - which is just ghost-speak for having two things occupy the same space. So because of this magic, the pirates can have their normal engine and a ghost engine at the same time.

The engineers are clever, and they saw this coming all along -- so they have a super-singular elliptic curve isogenous engine bartered from a passing submarine for a Ballmer of rum.

The moral being that the hypothetical pirate boat may gain some spooky magic engine, but the engineers build spooky magic engines for breakfast.

Silly stories aside, quantum computing is certainly a concern for systems secured by cryptography -- but there are many solutions to the proposed threats. On top of this, the block chain is naturally a revision control system -- and given catastrophic failure, it could be patched and rolled back.

There are a large number of people who would likely disagree with me that these solutions are not 100% sound proof, but I stipulate that they are closer to 99.99% than not.

Check out these white papers to see that awesome super-singular elliptic curve isogenous engine in action:

Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies by De Feo, Jao, and Plˆut

Machine Level Software Optimization of Cryptographic Protocols by Dieter Fishbein


*To give an idea as to the scale of hashes it would take to produce a sha256 collision in Bitcoin:(2^256/9460800000000000000000)/13800000000 (Bitcoin hashing algorithm, divided by the bitcoin hash rate for one year, divided by the age of the universe)

It would take 886894459681353320486815658331188003935001243 times the age of the universe to create a sha-256 collision with the current Bitcoin hash rate. It could be said, we have a while to figure this one out.

Heading into winter, save money on heat with Bitcoin

@Shoutout to giving me my first byline and picked up piece :D -

Here in NY, heat is a big thing in the winter. It can get bitterly cold, and heating costs add up. Let's do some back of the envelope math to see if we can save money on heating those NY apartments. In a typically NY apartment we're talking 500-1500 sq/ft of living space. So for the purposes of this demonstration, let's use 1000 sq/ft as the magic number. Given that New York is a pretty cold climate, we're going to need about 4,000,000 BTUs per month of heat to keep that apartment warm. Here are the current rates for the common energy sources:

Electricty - $.20/kWh Oil - $3.60/gal Natural Gas -  $15/MCF

This gives us a very approximate cost per million BTU as follows:

Electricity - $60 Oil - $34.60 Natural Gas - $18.75

Which shows natural gas as the clear winner for heating our apartment at approximate cost of  $75/month during the coldest months. But what if electricity is our only option? (There have been several times where I have rented and the only available heating source was electricity. )

In that case it's a clear home run for the next contender: the bitcoin ASIC.

Bitfury ASIC

I won't go into too much detail, but essential it's a machine capable of producing bitcoins for the cost of electricity. The initial purchasing price of the device is also a factor.

From my own personal experience, it takes a gen I 100gh/s Avalon miner (600-1000w PSU) to heat that 1000 sq/ft apartment. It uses 14.4kWh of electricity per day - giving us a monthly cost of ~$86.4. This is without using optimization like thermostats to keep a consistent temperature. My method was to adjust the openness of my window.

Surely $86.4 can't compare to the $60 cost of electricity alone? Surely. But that's not all. The ASIC producing 100gh/s would have bestowed upon us some BTC during that month period. At the current price ($380) we're talking $15/month. It starts to get interesting.

On top of which, that gen 1 100gh/s ASIC is somewhat outdated. We can find used Avalons  on ebay that output 200gh/s for the same amount of electricity or less.  On top of this, there are or shortly will be chips on the market capable of 1W/Gh - which would offset the cost of heating entirely and then some (beating oil and natural gas.)

I believe we're now in the territory of ASIC heat being more efficient than traditional electric heating elements from a cost/btu standpoint. Play this out for a few years and we see the cloud moving to our baseboard heaters.

If you pay for your heat in NY - it probably pays to buy some ASICs. The value of bitcoin will go up or down, the hashrate similarly, but so does oil / gas. Right now it makes sense to heat with ASICs.

Bitcoin: after the beginning...

In my last post on this subject, I wrote about Bitcoin being the beginning of an extreme shift in culture. I anticipate that the shift could take 10-20 years to be realized, but there’s a lot of work that can be done to shorten it to 3 years.

The shift I imagine can primarily be described as decentralized voting, trustless identity/finance pairing, transparent government/public corporations/non-profits, DAOs, granularly controlled privacy for those who want it, and an overall reduction in crime, bureaucracy, and oppression. Additionally, the standard of living, especially in the developing work, will be dramatically much higher.

People in sub-saharan Africa and Latam (where reduction in poverty is vital) will have access to financial services, communication, organization and self-governance. There will be methods for the developed world to efficiently and effectively donate to causes where it is badly needed. Causes like mesh networks to facilitate communication, and food / clean water so that time can be spent on social infrastructure. Funding can go directly to those causes without being pilfered, and results can be more easily monitored for efficacy.


The first feature I was excited about with Bitcoin was its use as currency, value transfer, and value storage. For those who bank branchlessly - this technology alone is life changing. But decentralized ledger systems give us much more than that.

Decentralized voting is huge. Decentralized storage of information, identity, communication, law, business, and much more are all possible and real in the near future.

What most excites me is the ability to quantize the analog world we live in. By decentralizing these metrics in a publicly stored system, we can do some very cool data analysis. We can see if the aid given to Burundi can be categorized by source and destination. We can then see what works and what doesn’t.

Recently a representative from a global charity (one of the largest, with over $4.2bn in contributions in 2013) came to our office. He told us that one of the major issues in giving financial aid is that when it doesn’t go to the matron of the household - funds get spent by the males on alcohol and drugs. It is difficult to keep the men from stealing the funding, so the charities don't give financial aid to those households. If the money can be given directly to the women of the household, there is an overwhelming probability that she will make her family escape from the relative poverty.

There are many clear applications for where Bitcoin - and the more important underlying technology - can greatly benefit the world. Most of the applications we have considered closely parallel systems with which we are already familiar. The financial aid problem could potentially be solved with Bitcoin wallets for the women in need of financial aid. That’s not to presume that it’s a silver bullet, but it would create a very big difference in solving the problem. This example closely parallels some of the financial aid systems we currently use, but the distribution chain length and cost would be dramatically reduced. It is a more efficient version of what we already have. In many cases, efficiency to the point of being effective where it otherwise wouldn’t work. Reducing the distribution chain by 20 points of contact - to get to a family in need - is what it takes to be worthwhile.

As far as the example with Burundi of A/B testing methods of aid, there is not much like that available to us. Most people have almost no experience crowd-auditing what works because there simply is not enough high-quality data. This may be bordering on the spooky for most people, but that’s because we’ve been conditioned. Our conditioning has told us that centralized organizations control the information, our privacy is under attack and not theirs. We now have the tool to flip that scenario. We can responsibly shine more light on the structural inefficiencies of the world, the corruption, violence, poverty, and attempts at sweeping this stuff under the rug. At the same time we can reduce the need for reductions in personal privacies.

I’m hoping we can work together on this, I guarantee that if you’re reading this -- you can help.

Why I worked on CoinValidation

If you’re unfamiliar with CoinValidation, that about sums it up... It was never clear to begin with. There are several reasons for why it’s not straight forward, and below I’ll attempt to sort it all out. First let me say the following: was an attempt to innovate in what we thought may be the most controversial side of Bitcoin; the identity layer. It is not a specific technology, the idea of whitelisting/blacklisting/xlisting whatever is totally off-base and was a rumor. Here is what CV really is:

It’s a thinktank.

It was an attempt by a small group of people to solve one of Bitcoin’s largest problems: no one was creating new technology in the identity layer of Bitcoin. We did not specifically want to endorse or profit from some piece of tech like blockchain analysis or whitelisting, etc. We simply wanted to explore what was possible. We found some interesting things, like tech that could reduce the risk of privacy loss in the standard KYC model. But that all went unheard because people thought we were trying to hurt user privacy or to affect fungibility.

People thought that we were building a for-profit startup focused on selling tech and user data wholesale... In fact, we were trying to do the exact opposite of that. It could best be described as a thinktank for the KYC and regulatory side of Bitcoin - which we had become familiar with during our time at Bitinstant.

Some of the ideas we explored and want to continue to explore:

  • How can Bitcoin companies comply with US regulations from a legal/tech standpoint?
  • What can Bitcoin companies do differently vs. typical financial companies, but still be compliant?
  • What is possible with blockchain analysis?
  • How can Bitcoin companies communicate patterns of fraud to each other?
  • How can ownership of assets be proven?
  • Can something like the MIT PGP database exist for Bitcoin addresses?
  • Is it unethical to build technology that enables Bitcoin businesses to tie into legacy systems?
  • How sensitive is the Bitcoin community to a group of people experimenting with what’s possible?

Here are some of the realizations we’ve had in exploring the above questions:

  • We facilitated the first underwriting of a mortgage to a bank as a proof of concept.
  • Bitcoin companies can comply with the regulations, and yes it is very limiting.
  • There are sophisticated ways that Bitcoin companies can communicate fraud patterns to each other.
  • That kind of communication could prevent another Mt. Gox type of failure, which is inevitably going to happen because it is not being addressed.
  • Blockchain analysis can be really scary.
  • Bitcoin is not anonymous in most contexts.
  • We designed a new way of hashing KYC data so that five points of attack can be reduced to two.
  • We found ways for companies to satisfy BSA requirements without having to store or transmit user information.

We stopped working on exploring these concepts because

A) No profit model translates to no funding. B) The community tried to burn us at the stake, hence no funding. C) I realized that I am not the best at public relations, and it's hard to convey what I want to convey.

I continue to work on innovations on the regulatory front, but for obvious reasons - not at the level I probably should.

Still, here is what I believe is possible for companies:

  • Satisfy regulatory requirements here in the US if they want to.
  • Do it in a way that risks user privacy much less than what is currently in place in the Bitcoin ecosystem.
  • Have a system with less fraud, better consumer protection and AML, and less privacy loss than what exists in traditional financial AND current Bitcoinland.

Now the fact that it is possible  - doesn’t mean I’m endorsing it. Working with regulations here in the US is not some lofty philosophical decision for me. Businesses are going to work within that framework regardless of my thoughts on it because that is what the market will dictate. I’m simply trying to help navigate that landscape responsibly... Even though my personal philosophies are often in line with those of libertarianism.

People are going to buy their Bitcoins in the most efficient and effective way possible to them. The path the masses take to acquire and use Bitcoins will be the one which has the best user experience, closely parallels what they are used to, and costs the least. The masses don’t care about Ayn Rand or crypto anarchy.

We can push the boundaries of what is possible if we can stop fighting and solve real problems. Problems like this:

  • Why are users giving their KYC information to shady companies?
  • Why is the community trusting $700 million to one dude with an exchange written in PHP in Japan?
  • What is being done to prevent that from happening again?
  • Why is multi-sig not in full effect on every wallet valued greater than $1000?
  • Why is the community already satisfying most of the regulatory requirements, kicking and screaming that they exist, and then doing almost nothing to realistically change it?

Real change takes real work, and it’s not going to get done if the people innovating are ostracized for thinking outside the box. Creating real change is a massive undertaking. The challenge of navigating the Bitcoin legal landscape is going to take a lot of hard work and cooperation. Please feel free to comment with your questions about regulation here in the US - we have a lot of experience in this space and want to share what we’ve learned.

Of course CV failed at reaching minds with what we thought was very important information. But failing is how we learn sometimes, and I'm grateful that there are those in the community who see that what we work on is valuable. Thank you.

How Many Eyes Are on the Books?

Echoing the sentiment of Ryan Straus (Ridell Williams); the overarching issue at the forefront of Bitcoinland is that Bitcoiners place a lot of trust in individuals and organizations. That’s not to say placing trust in people and institutions is always a bad thing, but that trust needs to come with safeguards. The recent events at Mt. Gox are an articulate illustration of those challenges. For years, Mt. Gox was a mainstay of Bitcoin. Gox allowed many people to get involved in digital currency with ease and relative security. We can thank Gox for much of the early adoption and infrastructure of the community. Ultimately the trust was betrayed. We saw technical glitches, a lack of communication, and wild levels of volatility.

Most of this could have been prevented with solid tech, transparency, and outreach. Still, I subscribe to the idea that Mt. Gox has given us a great gift. We can learn from their shortcomings and reference their successes for the next level of Bitcoin infrastructure.

Having developed software for a while, my greatest lessons draws from moments of failure. There have been amazing tools developed purely from breakdowns in software. These tools help us prevent, detect, resolve, and communicate about technical issues which naturally and inevitably evolve. I believe 2014 is a year where we can build some of those tools for Bitcoin.

The tools the community most needs to focus on are:

Triple-entry accounting: While this term is somewhat vague, I envision it as a method for reconciling a company’s books. In essence, you could assign a Bitcoin address as the holder of funds for the traditional double-entry accounting verticals. Operating expenses, accounts receivable, salary, investments, etc. could have dedicated Bitcoin addresses for the inflow and outflow of funds. This would make it much easier to visualize funds flow both internally and from the perspective of an outside auditor.

Ledger transparency: This piggybacks off of the idea of triple-entry accounting. I half-jokingly tweeted that managers of the future will be able to crowdsource peer-review of their records. For many organizations, like non-profits and publicly traded companies, stakeholders want transparency but the presentation methods are fairly analog. The idea is to digitize all of an organization’s fund flows, and make it available on something like the blockchain - so that people who know the correspondent Bitcoin addresses could verify that financial statements are accurate.

The implications of this are far-reaching, and an understanding of how it would play out practically are to be determined. Many people would prefer to invest or donate to an organization where the financial representations were accurate. The existence of ledger transparency is inevitable simply due to the competitive advantage. The upside for the organization is increased efficiency and reduced cost for auditing, as well as a lower risk of financial inaccuracy. People want to know “How many eyes are on the books?” The answer could soon be “Everyone’s.”

Full-Reserve Bitcoin Banking: We have the technology to prevent fractional reserve of our assets. This is the cutting edge of Bitcoin security. It’s shiny, it works, and not enough people / organizations are using it. Existence and placement of assets can be cryptographically proven and movement can be restricted with extremely granular configurations (multi-sig.)

Insurance: When all else fails, there is insurance. A Bitcoin depository institution could have an extremely secure system of storage. Risk could then be calculated and deposits insured.

Modularization: In the financial industry, there is a great deal of modularization. It is imprudent to have a single entity act as a depository institution, clearinghouse, order-matching exchange, and auditor all at once. These tasks can be separated for increased efficiency, reduced risk, and greater scope-precision. This is important for three reasons:

  1. It is easier for business operators to build smaller-scope products.
  2. When one of those competing products fails, the entire system doesn’t halt - it is swiftly replaced.
  3. Maintenance of a module does not require system-wide downtime.

Granted, the financial community has had several hundred years to evolve to the point of efficient compartmentalization. Fortunately for Bitcoin, most of the work has been done and we simply have to parallel many of the models that exist. We can even step it up a notch with transparency and decentralization of trust.

It is important that we remember the spectrum of what we like in principle and what is possible today, this week, this year, etc. It is going to take some time to revolutionize finance with the power of cryptography. We are still waiting for sweeping changes to happen overnight. It’s been 5 years, and we’ve resigned to working on what is practically achievable in experience-based timeframes. The items discussed above are our goals for 2014. Our focus is on the option of transparency, importance of choice, and the obsoletion of coercive trust.

(1) “If I own several pounds of gold, I may not want to keep all of it in my home.” (2) has taken initiative to implement TE accounting for one of their companies as a proof of concept. Research is ongoing and results will be shared by year-end.

Syndicated from - on March 7th, 2014

Bitcoin is just the beginning

4:50am Saturday June 7th 2014

It’s been about 5 years since I first heard about Bitcoin. I was recently asked how I fell into Bitcoin, and I thought for a moment - can I remember?

It was vivid. I read the white paper, sat for a few moments and read it again. After finishing the second time, I paused. Because I had realized the simplicity and sheer power of a new concept. A concept where I was surprised for humans having not invented it earlier.

Here is - in my opinion - the entire premise of Bitcoin:

  • Pretend a town has one cart that people borrow to move things.
  • There is a piece of paper in the middle of town where the last person to have the cart has to write down who they give it to.
  • The piece of paper serves as a record of who possessed the cart at a given point of time, who they received it from, and who they gave it to. It also shows the creator of the cart, and the last person to hold it.

This allows the town to keep track of the cart, so that if it goes missing, or a piece is broken, there is a record of who is responsible.

With Bitcoin, we can facilitate this piece of paper on the internet. Except that the town is the world, the cart is a representation of all things which have value, and the person is everyone who wants to participate (including, maybe, the robots.)

We have explored the power of this concept over the past 5 years, and it has led to an 8.5 billion dollar ecosystem.


What’s remarkable is that the ‘Bitcoin’ people are familiar with (the one we hear about on the news) is just the first experiment. It’s the first interesting thing we tried doing with the above simple but powerful concept.

There’s a great deal more to come... instead of the cart representing cash, it could represents votes. It could represent identity, data, friendship, cars, pickles, vaccines, ideas…

At any time anyone with internet access could see how their government was spending taxes. They could see this without giving away their personal privacy. People could vote and it would matter. They can vote to require governments and corporations to reveal themselves perhaps without individuals needing to do so. They will enforce those votes because the natural course of this new system is to give control back to distributed consensus.

Digital currency allows me to purchase yogurt from an autonomous yogurt shop. The yogurt shop has no one owning it, it is a piece of code. It can buy supplies, repairs, ingredients, and pay its taxes without human involvement. It can buy additional property and replicate itself if it is profitable.

What if this future is inevitable and it is our generation's job to reduce the amount of time it takes to reach fruition.

The decentralized public ledger solves one of the ancient problems. The problem of how a community organizes itself past a size of ~150 individuals.  Keep an open mind, we may have just solved it. And don’t worry, it’s not some orwellian or huxley future. It’s not terminator 2 with us vs. the robots. It’s a force which decimates centralization through competitive advantage and redistributes value to the masses. It’s math, it’s beautiful, and I’m up until 5am writing about it.

Check out
My Twitter:
Bitcoin Reddit:


A reflection on the small part I play in the movement towards a type 1 civilization

This is an exciting moment in human history. The Internet has provided humankind the ability to communicate over great distances and access to information and collaboration that’s unprecedented. The result is a great push in the advancement of our species. As a part of this technological wave of improvement, I have taken a moment to reflect on what that means now and for our future and how we can each contribute to the advancement of our civilization. The Internet is really, really cool. Anyone in the world can communicate with anyone else in the world in a split second, as long as they’re connected to the Internet. This is a huge deal.

I rank the Internet as the third greatest technological achievement in human history (behind only fire and electricity). It provides us a global communication system that accelerates advancements in every other field of human study: Medicine, mathematics, physics, name it. With the Internet, we can perhaps achieve more in the coming 50 years than mankind has accomplished in the past one thousand.

With the Internet, Socrates’ famous words have never rung truer: “I am not an Athenian or a Greek, but a citizen of the world.” We are no longer a tribal species; we are a global species. Today, we can easily send information, currency, physical goods, and communications around the world in trivial amounts of time. If we follow the natural path that these advancements present, we can truly achieve a global culture, global governance, and hopefully global peace.

It is easy to see that education has the power to change some of the bad stuff in the world. Technologies and infrastructure like those offered by Wikipedia, Google, Twitter, Facebook, Amazon, Reddit, PayPal, and Bitcoin are enabling communication and the sharing of knowledge and information which is progressing us towards a global civilization. Anyone with access to the Internet can connect to sites like Carnegie Mellon, Stanford University, or the Khan Academy to take high-quality courses for free. They can then share what they’ve learned with people around the world on sites like Reddit, Tumblr, Stack Exchange, and Wordpress. This type of access to information and interaction is unprecedented. People from all walks of life and cultures are collaborating - thinking, learning and problem-solving together. I love it. This system, with all its benefits, is empowering individuals, but it also feeds “Big Brother.”

The concept of a global government is frightening. George Orwell opened many people’s eyes to the idea that one-way transparency is a bad thing. We are seeing real manifestations of his fictional “1984” in the news lately. Governments are definitely spying on their citizens. In the US, every word written and spoken has a good shot at being recorded and stored somewhere in Utah. Even still, I'm willing to wager that technology and freedom of information will overcome the rise of tyranny.

There are many who say “if I’m not doing anything wrong, what do I care if they watch me.” The problem is that you may think you’re not doing anything wrong, but the government may think otherwise. Many countries censor the politically outspoken, even torturing and killing those who do not support the party in power. The constitution and the bill of rights in the US argue for the freedom of speech, due process, checks and balances, and the right to not self-incriminate - but it is becoming clear that the US no-longer plays by its own rules.

The potential for corruption and using new technologies to go after law-abiding citizens is eye-opening. Fortunately, the transparency cuts both ways - leaking information and whistleblowing are easier than ever.

We are on the precipice of a global renaissance, and very few of us even realize it. The idea of contributing a single line of code, or a single blog post that brings us closer to capturing a type I civilization motivates me to write that code. It is why I am so passionate about technology.

As we’re in the midst of these exciting times, ask yourself this: how would you react if electricity was just invented? Would you behave like the majority of people who scoffed at it as a parlor trick?

There’s a good story about a man who thought that electricity could change the world. His own father thought that he was a fool. Now, JP Morgan stands as one of the most respected and visionary business men of all time. If only we could all reflect on this moment in history, it might teach us to respect each innovation for having the potential to change the world.

When a decentralized communication system (the internet), a decentralized currency (Bitcoin), and a decentralized voting system (TBD) come knocking at the door - will you jump on board?

Getting back into code

It's surprising how quickly I forget how to move around in code. It is nothing like riding a bike (which I also don't do as much as I should.) After spending a few months away from PHP - I suddenly have two projects where I am working exclusively in it. There's something magical about sitting in some new code, solving problems and listening to good music.

I have a lot of catching up to do. I learned about latent static bindings a year or so ago but I totally forgot how to use them. I literally have an empty database_object include in all of my projects. #wishfulthinking

Not to mention, 5.4 being released and I haven't even checked out the changelog.

Another tidbit of "entrepreneurial freedom" aka I don't have a corporate job right now:

I  have been catching up on the free crypto class I missed earlier this year. Dan Boneh has put together an excellent course on cryptography - you can find it either on Youtube or at the Coursera site (requiring a free sign-up). Some of the topics and explanations are math-intensive. Although, even the novice mathematician can follow the over-arching theories and bird's eye explanations.

One advantage to taking the Coursera class (as opposed to YouTube) is that it pauses for the Q/A section of every lesson. It's such a good feeling to get correct answers on such a complex topic - especially when you haven't touched discrete probability in over 5 years.

I can't take credit for getting the correct answers though. Prof. Boneh does such a good job of explaining the material. It's easy enough to get a few answers right. A lot of the notation escapes me, but Prof. Boneh waters some of that down to plain text.

If you're mildly interested in cryptography but don't need a Stanford-level education in it, at least check out this one video on crypto history:

If anyone is interested in taking the course and wants to discuss some of the topics - please let me know. The YouTube comment section is surprisingly vacant.

Edit: I forgot to mention that Amped Web Design is in the process of becoming an LLC (finally) and I can officially call it Amped Web, LLC. This is a very exciting milestone for me - but is probably meaningless to all other humans.

Having an identity online is hard and the fear of being exposed is in your head.

TLDR; I give my experience with online identity and ideas as to where it is headed. Over the years I have held several monikers on the Internet. Not only is it easy to conceal an identity but it is seemingly encouraged by various registration forms. The simple absence of Your full name: as a hard requirement panders to people's creative expression.

Until recently, the masked Internet was thriving and mainstream. I say until recently with reluctance. There is still a thriving anonymous community but the majority of people (on Facebook, Twitter, Google) are using their real names to identify themselves.

People going by their real names online used to be rare, especially in online social interaction. The concept of using your real name online wasn't bad - it just wasn't necessary.

For many of the pre-social network internet inhabitants (irc, aol, usenet, hackers, 3l33t, etc.), having an identity online tied to 'real-life' was an offense. When social networks embraced and required the use of real names, there was somewhat of an outcry.  It was an affront on one of the core positives of the Internet; the freedom to express oneself.

Having a username like th3j35t3r or TimBL up to 2004 almost guaranteed anonymity. It was fairly easy to sterilize one's online identity from the day-to-day family and social life. If you said something controversial online, it didn't echo out into reality.

The computer was essentially a black box where anyone could be and say whatever they wanted, with no consequence. A passionate secret for the technically inclined and a preservation of self. For many it was 1984's hidden notebook.

That snapshot has changed, and online identity is now a complex and mysterious subject.

For the majority of people, having an anonymous identity is emotionally rewarding. It isn't a serious security precaution or a preventative measure arising from paranoia. It's a luxury pair of sunglasses and not a Kevlar vest.

I wear those sunglasses and occasionally I see people wearing the vest. (I have also tried to wear that vest but the weight of it is annoying when I know my head's still exposed.)

Having a purely anonymous identity online is harder because tracking people is easier. A relatively inexperienced geek can find out who someone is without writing a single line of code. Root passwords to secure systems can be obtained via social engineering. Cookies, analytics, cross-site tracking, persistent multi-site sessions, etc. have made it incredibly difficult to have any control over who you are online. It sounds pretty bad for securing information, let alone identities.

Being anonymous was great, until I wanted to do some online banking...

This isn't a doomsday manifesto. Today, being controversial or outspoken is fortunately passé. Facebook has made us all a little more accepting of everyone else's crazy.

As much as we're losing anonymous, we're gaining acceptance of transparency.

So there you have it, a glimpse into my conscience - online and transparent. Fortunately for me, no one reads it - so I don't fear being judged. (I track my readership with Google analytics)

As for the people that wore Kevlar vests: they've just had to spend a lot more time building better vests. They now build and sell the vests. My point is that if you want your  pseudo-identity to be really secure these days; you had better devote your career to it or pay someone that has.

We could also accept that there is no such thing as an unbreakable safe and that most people don't care to read our diary anyway. We're too busy reading Aldous Huxley's wiki.

How to: Dropbox

So I just uploaded a video to show people how to download and install Dropbox:

I just wanted to add a post to my blog to cover some additional information that people might find useful. So here are some key points I wanted to make:

-It's free to use and easy to install. -Dropbox can be used to share and sync files between two or more computers. -Files can be added to the Dropbox/public folder to make them public. Right clicking on the file, and selecting Dropbox->Copy public link will give you a link to the file (which you can give to anyone wanting to download the file.) -It's supported on Linux, Windows, Mac OSX, Android, and iPhone/iPad.

So this is my first software how-to video, and I plan to do many more. I'm going to try to knock off the easy ones first. This way my video editing/voice over techniques will be up to snuff by the time I do the advanced videos.

Here is a selection of some of the videos I am planning (there are many more in my lists):

Software -How to: Sync your keepass across multiple computers -How to: Install virtual box with Ubuntu natty -How to: use Google Analytics -How to: use Google Plus -How to: use Git

Hardware -How to: install RAM -How to: apply thermal paste to a GPU -How to: replace a hard drive in a laptop

If you have recommendations for additional how-to videos, please feel free to comment here or on my YouTube.

Geocities - so many memories

Probably one of the earliest catalysts to my development as a web development professional, Geocities has finally come to pass. Hearing this news feels like I just threw away the training wheels I kept in my attic for the past 17 years (I don't). Geocities began its adventures in 1994 and quickly became the first place for internet users to have their own "webpage". The blogosphere is probably the 4th or 5th evolution from those humble beginnings.

I get nostalgic remembering my first lessons in HTML and how I had no idea that today I would be blogging in my underwear surrounded by empty caffeine vessels.

Geocities, I'll miss you old friend.